Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/01/12 11:0 p.m.51 views

CVE-2017-13209

This CVE (CVE-2017-13209) affects Android 8.0–8.1 and is due to an insecure permissions check in ServiceManager::add of the hardware service manager. The check based on the caller’s PID could allow an application or service to replace a HAL service with its own, enabling local elevation of privil...

7.8CVSS7.5AI score0.00753EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.51 views

CVE-2017-13238

CVE-2017-13238 corresponds to an information-disclosure issue in the HTC Android bootloader (XBLRamDump in the Bootloader). In XBLRamDump mode a debug feature can dump memory contents, enabling local information disclosure for an attacker with physical access and without additional privileges or ...

4.7CVSS3.9AI score0.00156EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.51 views

CVE-2017-13240

CVE-2017-13240 is an information disclosure vulnerability in the Android framework’s crypto framework affecting Android 8.0 and 8.1. The NVD entry confirms an information disclosure with impact to confidentiality and a base score of 7.5 (CVSS3) and 5.0 (CVSS2). The Android Pixel/Nexus security bu...

7.5CVSS6.5AI score0.00524EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.51 views

CVE-2017-13242

CVE-2017-13242 affects Android Bluetooth System and is documented as an information disclosure vulnerability. Connected sources indicate an impact on Android versions 6.0 through 8.1 and list this CVE under the System component with a Moderate impact in Android Pixel/Nexus security bulletins; pat...

7.5CVSS6.2AI score0.00524EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.51 views

CVE-2017-13259

CVE-2017-13259 affects Android devices. The vulnerability arises from out-of-bounds reads in sdp_discovery.cc due to missing bounds checks, potentially enabling remote information disclosure without privileges or user interaction. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7...

7.5CVSS7AI score0.01331EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.51 views

CVE-2017-13275

CVE-2017-13275: In Android Framework (getVSCoverage in CmapCoverage.cpp) an out-of-bounds read caused by an incorrect bounds check could lead to local information disclosure with no privileges required. Affected products/versions: Android 8.0 and 8.1 (Android bug ID A-70808908). Exploitation requ...

5.5CVSS5.3AI score0.00156EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.51 views

CVE-2017-13285

CVE-2017-13285 affects Android and is rooted in the SvoxSsmlParser implementation (svox_ssml_parser.cpp), where an out-of-bounds write can occur due to an uninitialized buffer. This can enable remote code execution in an unprivileged process with no user interaction. The Android Security Bulletin...

10CVSS8.5AI score0.01623EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.51 views

CVE-2017-13286

CVE-2017-13286 affects Android 8.0 and 8.1, where in OutputConfiguration.java’s writeToParcel/readFromParcel a mismatched serialization permits a local permission bypass, enabling a user to start an activity with system privileges without extra execution privileges. No exploit details are provide...

7.8CVSS7.7AI score0.0033EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.51 views

CVE-2017-14872

CVE-2017-14872 describes a potential buffer over-read during flashing of a meta image in CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) when the number of images exceeds the maximum range of 32, before the 2018-06-05 security patch level. The issue is associated with the ...

5.5CVSS5.4AI score0.00166EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.51 views

CVE-2017-14880

CVE-2017-14880 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux prior to the 2018-04-05 patch level. The issue is a race condition where the global variable num_q6_rule is accessed/modified by multiple threads due to missing mutex protection in the IPA ...

7.8CVSS7.2AI score0.00127EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.51 views

CVE-2017-14885

CVE-2017-14885 affects WLAN components in Android for MSM/CAF stacks (wma_unified_link_peer_stats_event_handler). The issue arises because the function validates only the first peer_stats->num_rates against WMA_SVC_MSG_MAX_SIZE, not the sum of all peer_stats->num_rates (num_rates). As a res...

7.8CVSS7.4AI score0.00221EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.51 views

CVE-2017-15856

CVE-2017-15856 affects Android releases from CAF using the Linux kernel, due to a race condition when processing the power_stats debug file that can cause a double-free. This yields elevation of privilege on local access. The issue involves the Qualcomm power_stats debugfs node; patches tied to t...

7CVSS6.4AI score0.00132EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.51 views

CVE-2017-18067

CVE-2017-18067 affects the Qualcomm Wireless network driver in Android Qualcomm components (CAF/Linux-based Android releases). The root cause is improper input validation when processing an encrypted authentication management frame (lim_send_auth_mgmt_frame()), leading to a buffer overflow. The d...

10CVSS9AI score0.03066EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.51 views

CVE-2017-18068

CVE-2017-18068 involves an improper buffer length calculation in wma_roam_scan_filter() that can cause a buffer overflow. Affected are Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF with the Linux kernel. The issue is classified as EoP/High-impact (CVSS v3.0: 7.8) with loca...

7.8CVSS7.2AI score0.00216EPSS
CVE
CVE
added 2020/04/07 3:40 p.m.51 views

CVE-2017-18660

CVE-2017-18660 affects Samsung mobile devices running M(6.0) and N(7.x). The root cause is a buffer overflow in tlc_server, identified with Samsung SVE-2017-8888. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and impacts to confidenti...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 3:33 p.m.51 views

CVE-2017-18664

Summary (CVE-2017-18664) : Affected: Samsung mobile devices running KK (4.4), L (5.0/5.1), and M (6.0). Issue: a NULL pointer dereference in the internal component named PersonManager leads to memory corruption. Sources in the connected documents consistently describe this exact behavior without ...

7.5CVSS7.5AI score0.00415EPSS
CVE
CVE
added 2020/04/07 2:21 p.m.51 views

CVE-2017-18684

CVE-2017-18684 affects Samsung mobile devices running Lollipop 5.0/5.1 and Marshmallow 6.0 (SVoice). The issue allows a provider seizure via an application that uses a custom provider, as described in the Red Hat and NVD entries. The exact root cause details are not fully disclosed in the provide...

9.8CVSS9.3AI score0.00443EPSS
CVE
CVE
added 2020/04/07 1:52 p.m.51 views

CVE-2017-18696

CVE-2017-18696 affects Samsung mobile devices running M(6.0) and N(7.0) on Exynos7420, Exynos8890 or MSM8996 chipsets. Affected component is unspecified in the provided documents, but the issue is described as a memory corruption vulnerability tied to RKP (Samsung’s kernel protection feature). Im...

9.8CVSS9.4AI score0.00443EPSS
CVE
CVE
added 2018/05/10 2:0 p.m.51 views

CVE-2017-6289

The CVE-2017-6289 issue affects NVIDIA Tegra TZ/Tee components exposed to the Android SHIELD TV platform. The connected NVIDIA security bulletin describes a vulnerability in the Tegra kernel driver that could allow a local malicious application to execute arbitrary code within the Trusted Executi...

7.8CVSS5.9AI score0.00169EPSS
CVE
CVE
added 2018/05/10 2:0 p.m.51 views

CVE-2017-6293

CVE-2017-6293 affects NVIDIA SHIELD TV via the Tegra X1 TZ (Widevine TA); a buffer overrun in the TZ/TEE path allows local privilege escalation. The issue is described as a local code execution/elevation of privilege on the Tegra kernel driver. Public details in the connected documents indicate t...

7.8CVSS5.3AI score0.00167EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.51 views

CVE-2017-8267

CVE-2017-8267 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue is a race condition in an IOCTL handler that can lead to an integer overflow and an out-of-bounds write. Impact is described as local, with high severity in CVSS, and no explicit exploit details prov...

7.6CVSS6.8AI score0.00362EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.51 views

CVE-2017-9677

CVE-2017-9677 affects Qualcomm components, specifically the Audio driver, in CAF Android builds using the Linux kernel. The issue arises in msm_compr_ioctl_shared where ddp->params_length can be accessed/modified by multiple threads without proper locking, enabling race conditions. If ddp->...

7.8CVSS8AI score0.00306EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.51 views

CVE-2017-9683

CVE-2017-9683 describes an integer overflow in Android for MSM/CAF Linux kernel when flashing a meta image if user-supplied image offset/size are too large. Affected: Android for MSM, Firefox OS for MSM, QRD Android with CAF Linux kernel (all CAF-based Android releases). Root cause: integer overf...

7.8CVSS7.3AI score0.00158EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.51 views

CVE-2017-9697

CVE-2017-9697 is a local race condition affecting Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using CAF Linux kernel. The vulnerability arises in the diag_dbgfs_read_table path, where a race condition can permit access to memory that has already been freed during command reg...

7CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.51 views

CVE-2018-11965

Technical details about CVE-2018-11965 are not publicly provided in the connected documents. Available entries repeat the vulnerability description without concrete affected products, versions, root cause, or fixes. Monitor for updates from official advisories.

7.8CVSS7.4AI score0.00139EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.51 views

CVE-2018-12011

Technical details about CVE-2018-12011 are not provided in the supplied documents; no exposed affected products, versions, or remediation are specified here. Monitor for updates.

5.5CVSS5.2AI score0.0014EPSS
CVE
CVE
added 2020/04/08 4:18 p.m.51 views

CVE-2018-21038

CVE-2018-21038 concerns Samsung mobile devices running N(7.x) software, where the Secure Folder app’s startup logic permits an authentication bypass. The vulnerability is tied to the Secure Folder startup sequence, enabling bypass of authentication for affected devices (Samsung ID SVE-2018-11628)...

9.8CVSS9.5AI score0.00506EPSS
CVE
CVE
added 2020/04/08 5:8 p.m.51 views

CVE-2018-21043

Summary: CVE-2018-21043 affects Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810) where a information disclosure vulnerability exists in the kernel pointer handling within the g2d_drv driver caused by logging. Affected software/hardware (documented): Samsung mobile devices running O(8.x...

3.3CVSS3.9AI score0.00132EPSS
CVE
CVE
added 2020/04/08 5:37 p.m.51 views

CVE-2018-21049

CVE-2018-21049 affects Samsung mobile devices with N7.x/O8.x (Exynos). The issue is an arbitrary memory write in a Trustlet caused by a secure driver exposing access to sensitive APIs (Samsung ID SVE-2018-12881). CVSS v3.1 base score 9.8 (CRITICAL): Network attack, no user interaction, high impac...

10CVSS9.3AI score0.00564EPSS
CVE
CVE
added 2020/04/08 5:27 p.m.51 views

CVE-2018-21064

The CVE-2018-21064 entry concerns Samsung mobile devices running N(7.x)/O(8.x) software, where an array overflow exists in a driver’s input booster (Samsung SVE-2017-11816). The issue is documented across multiple feeds, with high-severity metrics (CVSS v3.1 base score 9.8, impact on confidential...

9.8CVSS9.5AI score0.00443EPSS
CVE
CVE
added 2020/04/08 5:22 p.m.51 views

CVE-2018-21069

CVE-2018-21069 affects Samsung mobile devices running N(7.x) with MediaTek chipsets. The issue is an information disclosure of kernel stack memory in a MediaTek driver. Samsung reference ID SVE-2018-11852 (July 2018). Connected sources corroborate the vulnerability but do not provide exploit deta...

7.5CVSS7.1AI score0.00413EPSS
CVE
CVE
added 2018/05/17 10:0 p.m.51 views

CVE-2018-3567

CVE-2018-3567 is a WLAN buffer overflow affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds leveraging CAF on Linux kernels before 2018-04-05. The vulnerability arises in WLAN when processing HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages (root cause:...

7.8CVSS7.4AI score0.00193EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.51 views

CVE-2018-3571

Summary: CVE-2018-3571 affects the Qualcomm KGSL driver used in Android CAF/Linux kernel releases. The vulnerability is a Use-After-Free condition that can occur when printing information about sparse memory allocations. Impact (as described): Local attacker could potentially cause memory corrupt...

7.8CVSS7.1AI score0.00165EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.51 views

CVE-2018-5825

CVE-2018-5825 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels prior to the 2018-04-05 patch level. The kernel IPA driver contains a Use-After-Free condition in the IPA subsystem, as described in the NVD record. The vulnerability is rated with CV...

7.8CVSS7.2AI score0.00158EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.51 views

CVE-2018-5904

CVE-2018-5904 describes a use-after-free vulnerability in the LPM status driver within CAF Linux kernel branches used by Android for MSM, Firefox OS for MSM, and QRD Android. The flaw arises during list traversal for cleanup, enabling a local attacker to potentially exploit the condition. The NVD...

7.8CVSS7.5AI score0.00187EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.51 views

CVE-2018-5906

CVE-2018-5906 affects Android releases (CAF builds) using the Linux kernel, specifically the debugfs module. The root cause is a missing validation of input size before copying into a buffer, leading to a potential buffer overflow. The vulnerability is described across multiple sources (NVD, CVE ...

7.8CVSS7.6AI score0.0019EPSS
CVE
CVE
added 2024/11/27 9:52 p.m.51 views

CVE-2018-9350

CVE-2018-9350 describes a vulnerability in ih264d_assign_pic_num (ih264d_utils.c) where a missing bounds check can cause an out-of-bounds read, resulting in a denial of service. The issue is triggered by user interaction and would be exploitable remotely via the affected component, as indicated b...

6.5CVSS8.7AI score0.00208EPSS
CVE
CVE
added 2024/11/19 7:17 p.m.51 views

CVE-2018-9369

CVE-2018-9369 describes a local elevation-of-privilege in the bootloader where a fastboot command allows a user to pass kernel command line arguments. The root cause is the bootloader’s handling of user-supplied kernel parameters, enabling a local attacker to gain higher privileges without additi...

7.8CVSS6.9AI score0.00082EPSS
CVE
CVE
added 2024/11/19 9:25 p.m.51 views

CVE-2018-9428

CVE-2018-9428 : The issue affects Android’s AAudio service (AAudioServiceStreamBase.cpp, startDevice) and is caused by an out-of-bounds write stemming from a use-after-free. This can lead to local arbitrary code execution with high impact (confidentiality, integrity, and availability) as describe...

8.4CVSS7.5AI score0.00083EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.51 views

CVE-2018-9446

CVE-2018-9446 affects Android devices via an out-of-bounds write in smp_br_state_machine_event within smp_br_main.cc caused by memory corruption. This could enable remote code execution with no additional privileges and no user interaction required. Affected versions include Android 6.0 through 8...

10CVSS8.2AI score0.02056EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.51 views

CVE-2018-9458

The CVE-2018-9458 issue affects Android 8.0–8.1, rooted in computeFocusedWindow/RootWindowContainer.java where focus can be on the wrong window, enabling interception of keypresses and local elevation of privilege with user interaction required for exploitation. This could expose user keystrokes ...

7.8CVSS6.8AI score0.0057EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.51 views

CVE-2018-9504

CVE-2018-9504 affects Android Bluetooth SDP discovery: a possible out-of-bounds write in sdp_copy_raw_data (sdp_discovery.cc) due to an incorrect bounds check, enabling remote code execution with no user interaction. Affected Android versions include 7.0–9.0; exploitation status and specific patc...

8.8CVSS8.8AI score0.00893EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.51 views

CVE-2018-9590

CVE-2018-9590 affects Android 7.0–9, described as an out-of-bounds read in add_attr() within sdp_discovery.c. The issue could enable remote information disclosure without user interaction and with network access as the attack vector; no exploitation details are provided in the connected documents...

7.5CVSS5.7AI score0.01335EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.51 views

CVE-2018-9591

The CVE-2018-9591 issue affects Android components: the function bta_hh_ctrl_dat_act in bta_hh_act.cc, across Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0. It is caused by a missing bounds check that allows an out-of-bounds read, enabling remote information disclosure without extra privileges, wi...

7.5CVSS5.7AI score0.01335EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.51 views

CVE-2019-1995

CVE-2019-1995 affects Android (versions 7.0–9) in the ComposeActivityEmail class. The flaw enables a "confused deputy" scenario where an app could silently attach files to an outgoing email, causing local information disclosure and potentially sending files accessible to AOSP Mail to a remote rec...

5.5CVSS5.4AI score0.00179EPSS
CVE
CVE
added 2020/03/24 5:42 p.m.51 views

CVE-2019-20533

CVE-2019-20533 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) (China/India releases). The issue: the S Secure app can launch masked apps without a password. Root cause and technical specifics beyond this summary are not provided in the connected documents. The entry references ...

3.3CVSS4.3AI score0.00118EPSS
CVE
CVE
added 2020/03/24 5:54 p.m.51 views

CVE-2019-20542

CVE-2019-20542 affects Samsung mobile devices running Android N (7.1), O (8.x), and P (9.0) on Exynos chipsets. The issue is a kernel driver stack overflow. No exploit details or specific vulnerable components/version numbers are provided beyond this description. No remediation or patch version i...

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2020/03/24 7:47 p.m.51 views

CVE-2019-20576

The CVE-2019-20576 issue affects Samsung mobile devices running P(9.0) software. Affected component: MemorySaver Content Provider, which permits SQL injection. The root cause is an injection vulnerability in the Content Provider’s handling of queries, enabling a remote attacker to manipulate the ...

9.8CVSS9.8AI score0.00399EPSS
CVE
CVE
added 2019/08/20 7:51 p.m.51 views

CVE-2019-2132

CVE-2019-2132: Android vulnerability allowing an overlay of the VPN dialog by a malicious app, enabling local elevation of privilege. Exploitation requires user interaction and does not require additional execution privileges. Affected: Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. The issue i...

9.3CVSS7.6AI score0.00519EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.51 views

CVE-2019-2164

CVE-2019-2164 affects Android 10 due to an out-of-bounds read in libxaac caused by a missing bounds check. This could disclose information without full execution privileges; exploitation requires user interaction. The Red Hat entry confirms the same description; no patch/version details are provi...

6.5CVSS6.4AI score0.00583EPSS
Total number of security vulnerabilities8153